Skip to main content
  1. Home
  2. Computing
  3. News

Apple mistakenly verified a macOS malware

By

A malware Mac package slipped past Apple’s verification process, a new report finds. As per security researcher, Patrick Wardle, Apple inadvertently approved a malicious desktop app that was disguised as an Adobe Flash installer to trick users.

Apple allows Mac users to install apps from sources outside of its own App Store. However, to ensure this policy doesn’t end up infesting Macs with viruses and malware, the company has a process called “notarization” that scans apps for security issues. Developers are required to submit their code prior to distribution for approval. If an app is unable to get past this verification stage, it is automatically blocked by Mac’s built-in screening program, Gatekeeper — irrespective of where it was downloaded from.

Recommended Videos

Wardle discovered that a popular malware called Shlayer, which security firm Kaspersky labeled as the most common threat that Macs faced in 2019, featured snippets of code that were officially notarized by Apple. Therefore, if someone downloaded and tried to run this on their Mac, they wouldn’t be alerted through any warnings. Shlayer is an adware that can intercept your web traffic and replace the webpages you try to load with its own malicious ads.

Related

Apple’s review process couldn’t detect the malware and green-lighted it to run on all macOS versions, even Big Sur that is currently in beta.

“As far as I know, this is a first: malicious code gaining Apple’s notarization ‘stamp of approval’,” Wardle wrote in the blog post.

Since it was reported, Apple says it has patched and revoked the notarized payloads. Soon after that, however, the same group of attackers somehow released a new, notarized package — which Apple confirmed has been banned as well.

“Malicious software constantly changes, and Apple’s notarization system helps us keep malware off the Mac and allows us to respond quickly when it’s discovered,” Apple commented in a statement to Digital Trends. “Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe.”

Editors’ Recommendations

Topics
Shubham Agarwal
Shubham Agarwal
Journalist
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
This hidden menu has forever changed how I use my Mac
A comparison of two images in macOS Ventura. The image on the left is the original, while the image on the right has had its background removed using a Quick Action.

The more you use Apple’s macOS operating system, the more you come across amazing little tools and features that you’ve somehow never heard of, yet which can totally blow your mind. I’ve been using Macs for over a decade, yet I just stumbled upon a killer feature I never knew existed -- and I absolutely love it.

That feature is called Quick Actions, and you’ll need macOS Mojave or later to give it a try. The name is pretty self-explanatory -- they’re a collection of lightweight tools and tweaks that can save you oodles of time. The reason I never knew about them, though, is they’re hidden away in the right-click menu. I use keyboard shortcuts all the time, so rarely open this menu. But Quick Actions are worth breaking your habits for.

Read more
Report: Apple’s 2024 MacBooks may face some serious shortages
Apple's John Ternus stands next to an image of the 15-inch MacBook Air at Apple's Worldwide Developers Conference (WWDC) in June 2023.

Looking forward to getting a new MacBook in the next year or so? You might have to wait longer than expected, as Apple chip supplier TSMC is reportedly struggling to get enough skilled workers for its forthcoming Arizona factory. That could mean we see serious shortages of Apple laptops and a struggle to get hold of stock.

The bad news comes from The Wall Street Journal. According to the outlet, TSMC has said that “people with expertise erecting semiconductor facilities were in short supply in the U.S.” As a result, the Arizona factory “would miss its target of starting mass production next year.”

Read more
The M3 MacBook Pro may launch sooner than anyone expected
Fortnite running on a Macbook M1.

Earlier this week, we learned that Apple’s next batch of Macs loaded with M3 chips could be set to launch in the fall. Today, a fresh report claims they could arrive ahead of schedule -- but there are reasons to be doubtful.

The idea comes from a paywalled DigiTimes report (via MacRumors), which cites “industry sources” to claim that Apple will introduce a new MacBook Pro -- complete with a 3-nanometer Apple silicon chip that will boast improved performance and efficiency -- as soon as the third quarter of 2023. That quarter runs from July 1 until September 30.

Read more